Static task: static1
Behavioral task: behavioral1
Sample: 02136b98bcf4c7be8514c19d818087e5_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 02136b98bcf4c7be8514c19d818087e5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 02136b98bcf4c7be8514c19d818087e5_JaffaCakes118
Size: 412KB
MD5: 02136b98bcf4c7be8514c19d818087e5
SHA1: 0d8fd3f1f0efb91ea8e61a4f515cd13e342f0c68
SHA256: e4a38c8836e127363f8632e2b8c2f0d942a9b3116427cdb5604113f8a40a85b8
SHA512: 9db8a99a3e5571909e64115ac5ab2e8d3e4f1b396352d565ae870d1cc51f2595f00417e9a6f4604b92e63fbcc38ea4620f78b3504f9678684a66127593730ff8
SSDEEP: 12288:1T0lN3khl9xHmFezdTYqSaUlWV1agehJUe:ON3il9xGFez1YqSCV4x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 02136b98bcf4c7be8514c19d818087e5_JaffaCakes118
Files
02136b98bcf4c7be8514c19d818087e5_JaffaCakes118.exe windows:4 windows x86 arch:x86
63bd4120cc78710b0ad3f5eb7f886dbc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
InterlockedDecrement
DeleteCriticalSection
EnumSystemLocalesA
GetUserDefaultLCID
GetCPInfo
HeapAlloc
LoadLibraryA
WriteFile
Sleep
FreeEnvironmentStringsA
CompareStringA
GetACP
GetLocaleInfoA
VirtualFree
WideCharToMultiByte
GetFileType
HeapDestroy
HeapSize
FreeEnvironmentStringsW
TlsSetValue
GetProcessHeap
InitializeCriticalSection
GetStartupInfoA
ReadConsoleInputA
IsValidCodePage
GetTimeFormatA
HeapCreate
GetProcAddress
GetCommandLineW
GetVersionExA
HeapFree
EnterCriticalSection
GetOEMCP
GetThreadPriority
IsValidLocale
VirtualQuery
SetUnhandledExceptionFilter
LCMapStringA
TlsFree
GetLastError
LCMapStringW
GetCurrentThread
GetTimeZoneInformation
HeapReAlloc
SetLastError
ExitProcess
GetCommandLineA
FreeLibrary
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
SetConsoleCtrlHandler
GetModuleHandleA
GetStringTypeA
LeaveCriticalSection
MultiByteToWideChar
GetCurrentThreadId
TlsGetValue
InterlockedIncrement
GetModuleFileNameW
GetStringTypeW
GetCurrentProcessId
GetModuleFileNameA
SetEnvironmentVariableA
GetLocaleInfoW
CompareStringW
GetTickCount
IsDebuggerPresent
GetEnvironmentStrings
GetStdHandle
UnhandledExceptionFilter
TlsAlloc
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
InterlockedExchange
SetHandleCount
GetDateFormatA
user32
IsCharAlphaNumericW
DefMDIChildProcA
advapi32
CryptGetKeyParam
CryptGetDefaultProviderA
CryptDestroyKey
CryptContextAddRef
RegCreateKeyW
RegSetValueW
ReportEventA
LogonUserW
ReportEventW
RegCreateKeyExW
CryptDestroyHash
CryptVerifySignatureW
RegCreateKeyExA
RegLoadKeyW
RegCloseKey
LookupPrivilegeNameW
RegSaveKeyA
RegEnumKeyW
LookupPrivilegeValueA
RegEnumValueA
RegOpenKeyExW
CryptSetProviderW
CryptEnumProviderTypesA
LookupAccountNameW
wininet
InternetSetCookieA
RetrieveUrlCacheEntryStreamA
InternetCombineUrlA
GopherGetAttributeA
FtpCommandW
RetrieveUrlCacheEntryFileA
InternetGetCertByURLA
DetectAutoProxyUrl
InternetQueryOptionA
ShowSecurityInfo
HttpQueryInfoW
HttpSendRequestW
SetUrlCacheEntryGroup
SetUrlCacheEntryInfoW
GopherCreateLocatorW
InternetCloseHandle
LoadUrlCacheContent
FindFirstUrlCacheGroup
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 274KB - Virtual size: 295KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ